Impact
The vulnerability in RealMag777 Active Products Tables for WooCommerce is an improper neutralization of special elements used in an SQL command, classified under CWE-89. Attackers can inject malicious SQL through unsanitized input, which can lead to arbitrary retrieval, modification, or deletion of data in the database. Because the injection is blind, attackers may need to infer information through timing or error responses, but they can still gain significant control over database contents.
Affected Systems
Any WordPress site running the Active Products Tables for WooCommerce plugin at versions from n/a (no lower bound stated) through 1.0.9 is affected. The vulnerability applies to all installations using those plugin versions, regardless of other site configuration.
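To check an installation against this range, the following added example (not code from the plugin or from this advisory's source) scans a plugins directory, reads each plugin's header, and reports copies at or below 1.0.9. Matching on the `Plugin Name:` header text is an assumption, and the directory names in the sample tree are constructed.

```python
import re
import tempfile
from pathlib import Path

# Values from this page; matching the "Plugin Name:" header text is an assumption.
PLUGIN_NAME = "Active Products Tables for WooCommerce"
LAST_AFFECTED = "1.0.9"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.M | re.I)


def version_key(version):
    """Numeric tuple, so 1.0.10 sorts after 1.0.9 (a string compare gets this wrong)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def read_header(php_file):
    """Parse the plugin header fields from the first 8 KiB of a PHP file."""
    text = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    found = {}
    for key, value in HEADER_RE.findall(text):
        found.setdefault(key.lower(), value.strip(" \t\r*/"))
    return found


def find_affected(plugins_dir):
    """Return (directory, version) for copies at or below LAST_AFFECTED, or with no Version."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php_file)
        if PLUGIN_NAME.lower() in header.get("plugin name", "").lower():
            version = header.get("version")
            if version is None or version_key(version) <= version_key(LAST_AFFECTED):
                hits.append((php_file.parent.name, version))
    return hits


def build_sample_tree(root):
    """Constructed sample data: three made-up plugin directories under root."""
    samples = {"copy-a": (PLUGIN_NAME, "1.0.9"), "copy-b": (PLUGIN_NAME, "1.0.10"),
               "other": ("Some Other Plugin", "0.5")}
    for slug, (name, version) in samples.items():
        (Path(root) / slug).mkdir()
        (Path(root) / slug / f"{slug}.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_affected(tmp))
```

On a real site, pass the path of `wp-content/plugins` to `find_affected`; a copy without a `Version:` header is reported so it can be inspected by hand.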
Risk and Exploitability
The CVSS score of 9.3 indicates critical severity. No EPSS score is available, which limits how precisely the probability of exploitation can be estimated. The lack of a KEV listing suggests no known widespread exploitation to date, but the high CVSS score and the nature of the flaw mean attackers could potentially craft an exploit if they can reach the vulnerable input. The attack vector is likely remote, via web requests to endpoints handled by the plugin, and does not require local privileges. In many cases the flaw can be leveraged without initial authentication, enabling unauthorized data exposure or modification.